CVE-2018-8589

CVSS 7.8 HIGHEPSS 3.0%● KEV

In short

A flaw in Windows' Win32k.sys allows a local user to gain higher privileges than intended, potentially taking complete control of the system. This affects older Windows versions like Windows 7 and Windows Server 2008.

Technical detail

The vulnerability exists in Win32k.sys's improper handling of Win32 API calls, allowing local authenticated attackers to escalate privileges to kernel-level access. Exploitation requires local code execution capability and affects Windows 7, Windows Server 2008, and Windows Server 2008 R2.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Microsoft · Windows 7 Microsoft · Windows Server 2008 Microsoft · Windows Server 2008 R2

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8589 http://www.securityfocus.com/bid/105796 http://www.securitytracker.com/id/1042140